Integrated security and communications system with secure communications link

ABSTRACT

An integrated security and communications system combines a security system to either or both of a telephone system interface and a data interface. Users have access to voice-mail or other PBX-type telephone functions, many or all of which can be accessed not only at telephone sets, but also at keypads of the security system. Data functions such as electronic mail and possible partial or full World Wide Web access may also be provided at the keypads, as well as at connected personal computers or computer terminals. The system keypads may be enhanced to better accommodate some of the added functions. A central communications station could be used to maintain secure, shared private key encrypted communications with each premises system, using a redirector arrangement or relay to allow each premises system to communicate securely with a central monitoring station and with other systems. The secure communications system could be used without a security system to allow secure computer-to-computer communications.

CROSS REFERENCE TO RELATED APPLICATION

[0001] This claims the benefit of copending U.S. Provisional PatentApplication No. 60/188,798, filed Mar. 13, 2000.

BACKGROUND OF THE INVENTION

[0002] This invention relates to an integrated security andcommunications system. In particular, this invention relates to asecurity system integrated with a telephone system and/or an Internetconnection, in which various communications features can be accessedfrom a keypad of the security system, and various security systemfeatures can be accessed from connected telephone sets.

[0003] Security systems for residential properties are well known. Suchsystems at one time were electrical or electromechanical in nature, butin more recent times have become electronic in nature, relying onmicroprocessors for controlling and carrying out their functions.Moreover, while it was common at one time for a residential securitysystem to have external controls (e.g., key-operated switches) toactivate and deactivate the system on exit and entry, which provided apoint of attack for potential intruders, it is more common now for amicroprocessor-based system to provide entry and exit delays, allowingall control interfaces to be within the protected perimeter of thepremises. As a result, the first place a returning occupant goes uponentering the residence is to the nearest control interface for thesecurity system, to disarm the system before expiration of the entrydelay. Similarly, the last place a departing occupant goes upon leavingthe premises is to the control interface, to arm the system.

[0004] Alternatively, or additionally, the user may have a transmitter,frequently provided in the form of a keyfob to be kept on the user'skeyring, for arming and disarming the system. The transmitter may be aradio-frequency transmitter, in which case the user would notnecessarily have to be within close proximity to any particular locationon the premises, or may be an infrared transmitter, in which case theuser would have to be in close proximity to, or at least substantiallyin the line of sight of, a receiver, which might conveniently beincluded as part of the control interface.

[0005] It also has become common for residences to be equipped with somesort of telephone answering device, which records a caller's incomingmessage, name, and or telephone number, for playback or review by theresident upon returning home. The answering machine or calleridentification device also is one of the first places to which aresident goes on returning home.

[0006] Most recently, it also has become common for individuals to haveelectronic mail accounts for receiving messages via the Internet orother public data networks. Thus, a third place to which a returningresident goes is to a computer, to retrieve the electronic mail.

[0007] Security systems of the type being discussed almost universallycommunicate with a “central station” which monitors or supervises thestatus of each security system. Not only are alarms reported to thecentral station, which then acts on them or dispatches law enforcementto act on them, but even the absence of communication may be acted uponas a sign of possible trouble at the secured premises. In addition, amaintenance condition (such as a low back-up battery) can be detectedand a service technician can be dispatched or the premises owner can beadvised to correct the condition.

[0008] The communications between the local security system and theremote central station has traditionally been carried by landline orcellular telephone or by radio. Frequently, more than one of those mediaare used, for redundancy. Increasingly, many of the protected premises,including both homes and businesses, have high-speed connections to theInternet. Using such connections to communicate to the central stationwould be faster than the other methods described above. However, thereare several problems associated with using the Internet for centralstation communications.

[0009] First, the inherent nature of the Internet gives rise to the riskof interception of, or eavesdropping on, messages sent on the Internet.This means that a secure encryption method is required.

[0010] Second, most Internet connections do not have fixed InternetProtocol (“IP”) addresses, meaning the central station cannot be sure,simply from looking at the originating address, that a message comesfrom a particular location. Because the central station must thereforeaccept messages from any IP address, and use other data in the messageto identify the sender, the central station needs some other way toauthenticate that the sender is who it appears to be.

[0011] Third, in most cases where the premises is served by an Internetconnection, that connection is protected by a “firewall” to preventunauthorized access to computers on the premises—e.g., by “hackers.”This makes it difficult, if not impossible, for a central station topoll the security system on the premises via the Internet, because thefirewall prevents Internet access from the outside.

[0012] Fourth, the Internet has not yet reached a sufficiently maturestate that it can be counted on to be available at all times. Service toa particular location may be “down” at unpredictable times.

[0013] Nevertheless, if a way could be found to use the Internet tocommunicate securely between a premises security system and a centralstation, and the system worked—i.e., the connection was not “down,” theInternet would clearly be the fastest communications channel, ascompared to landline or cellular telephone, or radio.

[0014] Such a system would have multiple channels available to getmessages to the central station. It would be necessary to use thosevarious channels in the most efficient manner, avoiding unnecessaryredundancy but also avoiding unnecessary delay in reporting to thecentral station.

[0015] It would be desirable to be able to minimize the number ofelectronic devices to which an individual must attend on returning orleaving the premises.

[0016] It also would be desirable to be able to improve the security ofcommunications between the premises and an external data network.

SUMMARY OF THE INVENTION

[0017] It is an object of this invention to minimize the number ofelectronic devices to which an individual must attend on returning orleaving home.

[0018] It is also an object of this invention to improve the security ofcommunications between the home and an external data network.

[0019] In accordance with this invention, there is provided anintegrated security and communications system. The system has a securitycontroller having at least one sensory input, at least one alarm outputand at least one control signal input/output port. A control interfaceis operatively connected to the control inputs and outputs. Acommunications unit is connected to a communication channel providing atleast one communication function, and has a first communication port forconnection to a control input and a control output of the securitycontroller for providing at least one of its communication functions toa user at the control interface.

[0020] In one embodiment of the invention, the communications unit is anelectronic answering machine/voice-mail unit, providing an array oftelephone answering and related functions. In another embodiment, thecommunications unit is an Internet gateway. In a particularly preferredembodiment, the Internet gateway can communicate with the Internetsecurely from behind a firewall using shared private key encryption,creating a virtual private network.

BRIEF DESCRIPTION OF THE DRAWINGS

[0021] The above and other objects and advantages of the invention willbe apparent upon consideration of the following detailed description,taken in conjunction with the accompanying drawings, in which likereference characters refer to like parts throughout, and in which:

[0022]FIG. 1 is a simplified schematic diagram of a preferred embodimentof a security system in accordance with the present invention;

[0023]FIG. 2 is a simplified schematic diagram of a second preferredembodiment of a security system in accordance with the presentinvention;

[0024]FIG. 3 is an elevational view of a first embodiment of a keypadfor use in a system according to the invention;

[0025]FIG. 4 is an elevational view of a second embodiment of a keypadfor use in a system according to the invention;

[0026]FIG. 5 is a simplified schematic diagram of the circuitry of thekeypad of FIG. 4;

[0027]FIG. 6 is an elevational view of a third embodiment of a keypadfor use in a system according to the invention;

[0028]FIG. 7 is a simplified schematic diagram of a preferred embodimentof a telephone interface unit according to the invention; and

[0029]FIG. 8 is a simplified schematic diagram of a preferred embodimentof a communications system according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

[0030] The present invention recognizes that the first place a user mustgo on entering a residence or other premises protected by a securitysystem is to the security system keypad, to disarm the system (or placeit in an “armed home” state) prior to the expiration of the entry delayperiod. The invention also recognizes that the last place a user goesbefore leaving the premises is to the security system keypad, to arm thesystem prior to leaving. In accordance with the invention, communicationfunctions, such as telephone answering or voice-mail functions, orInternet or other public data network functions, such as electronicmail, are made available to the user at the security system keypad.Depending on the number of functions provided, and the level offunctionality provided for each function, it may be possible to use aconventional keypad, or an enhanced keypad may be required, as describedin more detail below.

[0031] In order for the communications functions to be available at thekeypad, the security system has to be integrated to at least some degreewith the communications system or systems involved. While securitysystems ordinarily are connected to a telephone line—e.g., for centralstation monitoring—or to a radio-frequency or cellular communicationsdevice, greater integration than that normally provided is foreseen bythe present invention.

[0032] In one preferred embodiment of the invention, an electronicanswering machine or voice-mail unit is integrated into the securitysystem and connected—by wired or wireless connection—to the householdtelephone line. If the household has a separate telephone line forsecurity system monitoring, then the telephone line used for voice callsmust be connected to the integrated voice-mail unit. In this system, thevoice mail functions preferably are available at at least one, andpreferably all, keypads of the security system.

[0033] In order to operate the voice mail functions, the security keypadpreferably has at least eleven buttons, for the digits 0-9 plus onefunction key such as “#”, and preferably a twelfth key such as “*”, tomimic a standard DTMF telephone keypad. In addition, the keypadpreferably has a speaker to play back any voice messages recorded by thesystem. Most conventional keypads already have a speaker for thepurpose, e.g., of sounding a “pre-alarm” warning during the entry delayperiod (as a reminder that the system must be disarmed). It would alsobe desirable for the keypad to have a visual indicator that could beused for indicating the presence of messages to be played. However, thisis not essential, as the system could be configured to announce aurally,on disarming of the system, whether or not there are messages, and if sohow many. The user then uses keypad commands to play back the messages,delete them, archive them, etc. The system could also provide an audibleindication on any connected telephone sets—such as a repeating beepheard on top of the dial tone—so that if a user picks up any suchtelephone set, it will be apparent that messages are present. The usercould then use the telephone keypad to play the messages, etc.

[0034] It is known in voice-mail and telephone answering systems toprovide multiple voice mailboxes, to which messages for differentmembers of the household can be directed. It is also known to providedifferent security system user passcodes to different members of thehousehold. In one embodiment of an integrated security and voice-mailsystem according to the invention, where individual voice mailboxes areprovided, the entry of a particular passcode associated with aparticular user, to perform any system function, also causes the systemto play back, or at least announce the existence of, messages from thatuser's voice mailbox, or alternatively, from that user's voice mailboxand from a general mailbox, if there is one, but not from any otheruser's mailbox. In systems where users are provided, for control of thesecurity functions, with swipe cards or transmitters that typically arecoded differently for different individuals, then the use of such a cardor transmitter or other coded token associated with a particularindividual preferably has the same result as entry of an individualpasscode. If the system has only one general mailbox, then any user'scode would cause playback, or announcement of the existence, of thegeneral mailbox messages.

[0035] Another voice-mail function, commonly provided in stand-aloneanswering machines, that could be provided by the system according tothe invention, is the ability of one user to record a voice memo foranother user. For example, a parent could record a reminder for a childto do his or her homework. When the child arrives at home and disarmsthe security system, the integrated voice-mail system would recognizethe child's passcode and play back, or announce the existence of, thevoice memo, along with any voice messages in the child's mailbox.

[0036] The voice-mail functionality of the system is preferably providedby a telephone interface module connected to the security system controlunit and to the telephone line to be answered. Among other advantages,this allows the telephone interface module to be backed up by thesecurity system back-up battery, preserving settings, recordedgreetings, and recorded incoming messages in the event of an AC powerfailure. Although known answering machines have battery back-up,integration with the security system means that the back-up battery ismonitored by the central station, so that if it is low, a warning willbe issued or a technician sent to replace the battery, as discussedabove. The system may be designed so that when it is operating onback-up power, it selectively sheds certain loads. For example, thesystem could turn off answering system functions or portions thereofsuch as the digital signal processor whenever the system is on batterypower, or only if the battery voltage drops below a minimum DC thresholdvoltage required to preserve security functions.

[0037] The telephone interface module can be connected in parallel withthe premises telephone wiring, but preferably is connected in serieswith the premises telephone wiring—i.e., the incoming telephone line isconnected to the telephone interface module, which in turn is connectedto the premises telephone wiring. This would allow the voice-mailfunctions to be accessed from any telephone set on the premises, inaddition to being accessed from the security system keypads. Inaddition, it would allow security system functions to be accessed fromthe telephone sets as well. Alternatively, in another embodiment, if thetelephone interface module continually monitors the telephone line forDTMF activity, it could be connected in parallel with the premisestelephone wiring and nevertheless allow the telephone sets to accesseither or both of voice-mail and security system functions. In stillanother embodiment, some of the telephone sets on the premises areconnected to the telephone interface module while others are connectedto the premises telephone wiring in parallel with the telephoneinterface module.

[0038] It should be noted that the integration of security system andtelephone interface functions, such as the playback or announcement ofthe existence of voice messages upon disarming of the security system,requires that the passcodes for the security system and the telephoneinterface unit be the same. This is particularly the case ifpersonalized mailboxes are provided, which is necessary if personalizedrecorded memos are to be provided, but is also necessary if the systemis simply to record messages in a single mailbox and play them back. Ifthe passcodes for the two systems are not the same, disarming of thesecurity system will not cause playback or announcement of voicemessages. The user still will be able to access the telephone interfacesystem from the security system interface by entering appropriateseparate commands, but he or she would have to remember to do so. In apreferred embodiment, however, the passcodes for the two systems arerequired to be identical, so that the systems function in the fullyintegrated manner described above.

[0039] In an embodiment of the invention where all telephone sets on thepremises are connected through the telephone interface module, a privacyfeature can be provided. This feature preferably can be activated fromany telephone set using a particular DTMF sequence or a key provided forthat purpose, and preferably also from any security system keypad usingthe numeric keys or a key provided for that purpose. When active, theprivacy feature disables the ringers in all telephone sets, or blocksthe transmission of a ring signal to the telephone sets. This means thatincoming calls will not be answered and will be routed to the telephoneanswering system. The outgoing message will include an indication thatthe privacy feature is on. This will allow any knowledgeable caller,such as a member of the household, to enter a DTMF sequence to allowhim- or herself to broadcast a message over the speakers of securitysystem keypads, so that other members of the household, who have engagedthe privacy mode, will know to answer the call. The privacy mode can bedeactivated by entering the appropriate sequence from any connectedtelephone set or security system keypad. However, as a failsafe, theprivacy feature preferably deactivates itself after a predeterminedduration—e.g., eight hours. In addition, the system could be set up toallow the user, when invoking the privacy feature, to set the durationthat the feature will remain active.

[0040] Another feature that can be provided if at least some telephonelines on the premises are connected to the telephone interface unitrather than directly to the telephone provider central office, and apersonal computer on the premises is connected, via a modem, to one suchtelephone line, is embodied in software that can be provided on thepersonal computer. The software causes the personal computer to send aparticular series of DTMF tones or other signalling to the telephoneinterface unit, causing the telephone interface unit to disconnect fromthe central office telephone line and enter a programming/maintenancemode. In this mode, the personal computer can be used to inspect andreprogram settings of the telephone interface unit. Preferably, this isdone by downloading a configuration file from the telephone interfaceunit to the personal computer, changing the configuration file, anduploading the new configuration to the telephone interface unit. Inaddition, audio files preferably can be transmitted between the personalcomputer and the telephone interface unit, allowing incoming voice mailmessages to be downloaded to the personal computer, and also allowingthe user to compose the outgoing message and other custom voice promptsor tags on the personal computer and then upload them to the telephoneinterface unit.

[0041] As in the case of many known telephone answering or voice-mailsystems, the voice-mail functionality provided by the telephoneinterface module according to the invention preferably is remotelyaccessible by dialing into the system from an external telephone.Moreover, because the telephone interface module is connected to thesecurity system controller, then preferably security system functionsare accessible as well, whether dialing in from an external telephone,or picking up a premises telephone set.

[0042] Other functions offered by private-branch exchange (“PBX”)telephone systems could be offered to connected telephone sets by thesystem according to the invention. For example, memory dialing (“speeddialing”) of some quantity of stored telephone numbers preferably isprovided. In addition, in an alternative embodiment in which thesecurity system keypads are equipped with microphones, they couldoperate as additional telephone extensions, functioning asspeakerphones. Even if the keypads do not have microphones, they couldbe used as extensions for listening only—e.g., to call recordedannouncements or interactive voice-response systems.

[0043] Another function that the system preferably provides at eitherconnected telephone sets, keypads or both, is call screening—i.e., theability to listen to an incoming caller leaving a message, to be able todetermine whether or not to pick up the call. Call screening is a commonfeature of stand-alone answering machines, but is less common in aPBX/voice-mail configuration. However, according to the invention, bypressing an appropriate command, at a system keypad or on the keypad ofa connected telephone set, while a message is being left, the messagecan be screened. And because a microphone is not needed for callscreening, the screening function preferably is provided even at akeypad without a microphone. Further, in accordance with the invention,a call being screened preferably can be answered by entering anappropriate command. This would have to be at a telephone set or, ifprovided, at a keypad with a microphone. Preferably, the command toanswer the call being screened, at least at a telephone set, is a flashof the telephone set hookswitch.

[0044] In a particularly preferred embodiment, the call screeningfeature is full-duplex—i.e., the caller's voice can be heard over thesystem speakers even while the outgoing message or greeting is beingplayed. Therefore, a caller who is aware of this feature, such as amember of the household, can announce him- or herself during theoutgoing message in an attempt to cause a household member who may be athome to pick up the call. This differs from previously known answeringmachines—whether digital or tape-based—in that in those previously knownmachines, the caller's voice could be heard only after playback of theoutgoing message was complete and recording of the incoming message hadbegun.

[0045] Another feature normally associated with telephone answeringmachines that can be provided in accordance with an embodiment of thepresent invention is the so-called “toll saver” feature. In accordancewith such a feature, the answering system waits a first number of ringsbefore answering an incoming call if no messages have already beenrecorded, but waits only a second, smaller number of rings if at leastone message has already been recorded. This allows the residents, ifthey are away—e.g., on vacation or holiday—to determine when callingfrom a remote location whether or not there are any messages waiting,without necessarily completing a telephone call to the system. If thesystem rings more than the smaller number of rings, they know that thereare no messages, allowing them to hang up the call before the systemanswers, and thereby saving long-distance toll charges. In a furtherembodiment, the “toll-saver” feature is selectable—i.e., the user cancontrol whether it is engaged at all—and adjustable—i.e., the number ofrings the system will wait before answering can be chosen by the user.User control of the “toll-saver” feature preferably is available atleast at a system keypad, and preferably at connected telephone sets aswell. More preferably, control of the “toll-saver” feature also isavailable when calling in to the system from a remote location.

[0046] In addition, operation of the “toll-saver” feature preferably canbe programmed to be dependent on the state of the system, so that, e.g.,it is inactive when the system is in a disarmed or armed-home statewhich means that the premises are occupied. This gives the residents oroccupants more time to get to a telephone, or keypad if appropriate,when there is an incoming call and messages have been recorded.

[0047] Another feature that can be provided in accordance with anembodiment of the present invention is calling party identification,more commonly known as “Caller ID,” in which the telephone carriersends, with each incoming telephone call, calling party identificationdata which can be decoded and displayed by equipment at the receivingend. In an embodiment of the present invention, the telephone interfaceunit can include a calling party identification decoder, allowing thecalling party identification data to be displayed at, in addition to thespecialized Caller ID equipment, those keypads that have alphanumericdisplays—e.g., liquid crystal, gas plasma or light-emitting diodedisplays—and on specially-equipped telephone sets connected to thetelephone interface unit. In addition, using speech synthesistechnology, the calling party identification data can be added to arecorded message left by a caller, for playback along with the messagefrom any on-premises or off-premises location. Similarly, speechsynthesis technology can be used to announce the calling partyidentification data aurally (e.g., over keypad speakers). In a furtherembodiment, the system can store textual identifying data—e.g., names—inassociation with certain telephone numbers, and can announce, eithervisually, or aurally using speech synthesis, the name associated with atelephone number identified by the calling party identification data foreach incoming call, either instead of or in addition to the numberitself. Instead of using speech synthesis, the user could store a “voicetag” recorded by the user—e.g., “Mom's calling”—in association withcertain numbers, and the voice tag could be played back. In a stillfurther embodiment, the system could store, in association with certaintelephone numbers, instructions for paging the user when a call isreceived from one of those numbers. When such a call is received, thesystem would dial the number of the pager stored in the instructions,and preferably may send, as a paging message, the calling number, mostpreferably with some indication that the page is coming from the homesystem as opposed to directly from the calling number. Alternatively,the system could send as the paging message a message that one of thestored numbers has called, allowing the user to call home for the voicemail message left by the caller.

[0048] Similarly, when “memory dialing” or “speed dialing” as discussedabove is offered, the system could announce the number being calledusing speech synthesis, or could play back a stored voice tag storedwith the memory-dial number.

[0049] In another embodiment of the invention, the use of calling partyidentification technology also allows the provision of distinctiveringing—i.e., a feature whereby calls from certain predeterminedtelephone numbers ring differently from ordinary calls, to alert thoseon the premises that a particular party is calling. A number ofdifferent distinctive ringing patterns could be provided, each of whichcan be assigned to one particular predetermined number, or to a group ofnumbers. Thus, particular friends or relatives could be assigned theirown ringing signal, or a certain group of acquaintances—e.g., allcoworkers—could be assigned a common ringing signal.

[0050] While the distinctive ringing feature could be provided byincluding a ring generator in the telephone interface unit, in a moreparticularly preferred embodiment, the distinctive ringing is providedby interrupting, in a predetermined manner, the incoming ringing signalprovided by the telephone service provider. While this may limit thenumber of different ringing signals that could be provided, it avoidsthe need to generate, within the telephone interface unit, a 90 VACringing signal as is commonly used in telephones.

[0051] In a further embodiment that relies on calling partyidentification data, more than one outgoing greeting can be provided foreach voice mailbox, with certain callers hearing a different greeting,as determined by the calling party identification data.

[0052] In another embodiment of the invention, the telephone interfaceunit provides an auto-redial feature. When a user makes a telephonecall, if the called number is busy, the telephone interface unit willcontinue to call the called number at predetermined intervals until itdetects a ringing signal. When a ringing signal is detected, anindication is made at the user premises, either by ringing thetelephones, providing a visual indication on a telephone equipped with avisual indicator, or providing an aural or visual indication at a one ormore system keypads, or any combination. If a user does not pick up atelephone within a predetermined interval after the indication is made,the system will disconnect the call. The user has the option ofterminating the redial feature, which in any event is preferably limitedin duration after the initial busy signal is detected—e.g., the systemmay attempt to redial the call every two minutes but only for half anhour after the initial busy signal.

[0053] Another feature that is provided in a preferred embodiment of theinvention is a public address feature. A user can pick up a telephoneset connected to the telephone interface unit and, by issuing anappropriate command, either on the telephone keypad or on aspecially-provided button, disconnect the telephone set from the centraloffice line and connect it to the speakers in the system keypads forbroadcast of an announcement. Alternatively, individual keypads, orgroups of keypads, could be addressed by telephone keypad commands. In avariant of this feature, another user, on hearing the announcement, canpick up another telephone set and, upon entering an appropriate command,be connected to the first user in an “intercom” mode, disconnected fromthe central office telephone line. The intercom or public address modepreferably is also available when the telephone line is in use.Specifically, if a user answers an incoming call, but the call is foranother user on the premises, the user who answered the call couldengage the public address or intercom function to advise the user forwhom the call is intended. In such a case, while the telephone setswould be temporarily disconnected from the central office telephoneline, the telephone interface unit would maintain the telephone line inan off-hook condition (i.e., “on hold”) until one of the users is readyto pick up the all. Of course, these features would not be availablefrom a telephone set that is connected to the central office telephoneline directly rather than through the telephone interface unit.

[0054] In addition to providing a public address function, the telephoneinterface unit could also provide a room-monitoring function.Specifically, the system would allow a user to issue a command on anyconnected telephone set to monitor the microphone of anymicrophone-equipped keypad on the system. Preferably, the appropriatecommand could also be issued from any other keypad, as long as the otherkeypad has a speaker for listening, whether or not it has a microphone.This feature could be used, for example, to monitor a baby's room.

[0055] In another alternative embodiment of the invention, instead ofproviding voice-mail functionality in the telephone interface unit, theuser could subscribe to central office voice-mail service from thetelephone company. Normally, a subscriber to that service is informed ofwaiting messages by a special dial tone that is audible only when atelephone set is picked up. In this embodiment of the invention, thetelephone interface unit senses the presence of the special dial toneand causes an aural or visual indication at one or more system keypads,and, in a further alternative, visually on specially equipped telephonesets connected to the telephone interface unit. In addition, the systemcould, upon command from a keypad, connected telephone set, or otherconnected communications device, or upon disarming of the securitysystem, dial out on the central office telephone line the DTMF digits,including the user's access code, necessary to accessing the voice mailservice (or other functions) provided by the central office, playingback the messages at the device from which the command was entered.

[0056] The system according to the invention is capable of sending anoff-hook signal to the telephone company central office even when notelephone set is in an off-hook condition. This allows the system toprovide a “hold” feature. A user can command the system to put a call onhold—i.e., disconnecting it from the premises telephone sets but keepingthe central office telephone line in an off-hook condition, by, e.g.,entering a DTMF command or flashing the hookswitch.

[0057] Many of the features described above are provided by having thetelephone interface unit monitor incoming telephone calls on connectedtelephone sets and even on unconnected telephone sets. That samemonitoring capability can be used to monitor outgoing telephone calls,and in accordance with another feature of the invention, the system cankeep a log of outgoing calls including such information as numbercalled, time of call, duration of call, etc. This information preferablycan be displayed on the display of a telephone set so equipped or on thedisplay of a security keypad so equipped. Moreover, the system couldthen be used to block certain telephone calls, such as those to “900”numbers, or to specific numbers programmed into the system, or even longdistance calls. As a further feature, such calls could be unblocked byentering an appropriate code. Of course, to use these blocking features,the telephone sets would have to be connected through the telephoneinterface unit; telephone sets connected directly to the central officeline in parallel with the telephone interface unit would have unlimitedaccess to the telephone line. Thus, a user interested in these featurestypically would not have any telephone sets that are not connectedthrough the telephone interface unit.

[0058] In addition to, or instead of, being connected to a telephoneline, the security system according to the present invention can beconnected to an external data network for sending or receiving data. Oneexample of such a network to which the system can be connected is theInternet. Preferably, if the system is connected to an external datanetwork such as the Internet, the connection is of the type which isalways on and active. The external data network may used as a backupchannel for communication with the central station that monitors thesecurity system, with a traditional dial-up or cellular telephoneconnection or radio-frequency communication channel as the primarychannel, but the external data network also could be used as the primarycentral station monitoring channel, with the traditional communicationsmethods used as back-up. Either way, preferably the various channels areused redundantly to make sure that the message gets to the centralstation. More preferably, once transmission on one channel succeeds,incomplete attempts using other channels are terminated, as described inmore detail below.

[0059] In accordance with another aspect of the present invention, anInternet connection between the premises and the central station can beused for reliable secure communications. Both of the problems ofsecurity and authentication are solved by using shared private keyencryption. Each premises system is provided with a unique private key.For example, in a preferred embodiment, the private key is built intothe system controller at the time of manufacture. The same private keyis shared with the central station. The central station thus stores manyprivate keys, one for each of the units it monitors. If the centralstation is communicating with a particular unit, if it is able todecrypt the communication with that unit using the private key that itassociates with that unit, which no one else in the world is supposed toknow, then the central station knows two things. First, the centralstation knows that the unit is the unit that the central station thinksit is, because if it were a different unit, the private key would notfunction to decrypt the communication. Second, by virtue of the sameprivate key encryption, the central station knows that the communicationwas secure.

[0060] The remaining problem of the premises firewall is solved byhaving the premises unit initiate contact with the central stationperiodically. Most firewalls do not prevent sessions that initiatewithin the firewall. Once a session is open, the central station cansend any messages or other data to the premises unit. If the centralstation does not hear from the premises unit at the appointed intervals,it assumes a problem and dispatches someone to the premises. Otherwise,the contact intervals are set to be short enough that the centralstation is not likely to have too much of a build-up of unsent messagesto the premises. The contact interval may also depend on the type ofpremises. For example, a bank or jewelry store may have more frequentcontact with the central station than a residence.

[0061] Although the system is useful to allow communications throughfirewalls, it may be used where one or both of the communicating partieslacks a firewall. Advantages of such a system include obviating the needfor user setup, as well as the need for an external data center to knowthe IP address of a device with which it needs to communicate.

[0062] Although in the system just described, the installation in securecontact with the premises has been described as a “central station,” itneed not be the same “central station” that monitors for and responds toalarm conditions. Instead, it is possible to distinguish between acentral monitoring station, which performs those traditional alarmmonitoring functions, and a central communications station, which merelyguarantees the security of the communications link. While in some cases,both of those functions may in fact be performed by a single entity, itis within the present invention for those functions to be performed byseparate facilities which may even be owned by separate entities. Thus,while traditional alarm companies will continue to operate centralmonitoring stations, they may contract with secure communicationsproviders to operate central communications stations to provide secureInternet connections to their subscribers and then to relay thecommunications to them.

[0063] Indeed, that relay may take place over an Internet connectionbetween the central monitoring station and the central communicationsstation that is secured in the same way as the connection between thesubscriber premises and the central monitoring station. Specifically,the central monitoring station, secure behind its firewall, willinitiate all sessions with the central communications station using ashared private key encryption.

[0064] If the central monitoring station in such an embodiment wants tocontact a subscriber premises unit, the central monitoring stationinitiates a session with the central communications station andtransmits the message to the central communications station. The centralcommunications station queues the message for the appropriate premisesunit, and when that premises unit next checks in, the centralcommunications station asks the premises unit to hold the channel opento receive the message from the central monitoring station. The centralcommunications station then sends the message to the premises unit, andreceives a response, if appropriate. If a response is received, it isqueued up until the next time the central monitoring station checks in,at which time it is transmitted to the central monitoring station.

[0065] Similarly, if the premises unit has a message for the centralmonitoring station, it initiates a session with the centralcommunications station and transmits the message to the centralcommunications station. The central communications station queues themessage until the central monitoring station next checks in, when thecentral communications station asks the central monitoring station tohold the channel open to receive the message from the premises unit. Thecentral communications station then sends the message to the centralmonitoring station, and receives a response, if appropriate. If aresponse is received, it is queued up until the next time the premisesunit checks in, at which time it is transmitted to the premises unit.

[0066] With such a secure communications system in place, there is nosecurity reason not to rely on the Internet as the primary alarmreporting channel, insofar as it is clearly the fastest when it isavailable. If it is not available, one or more of the othercommunications channels can be used. Traditionally, if a primarycommunications channel fails, the system “fails over” to a secondarychannel. In accordance with another aspect of the present invention, thesystem does not wait for failure of the primary channel beforeinitiating contact on a secondary channel.

[0067] One way of operating such a “dynamic signalling” scheme inaccordance with the invention would be to have both (or all if more thantwo channels are used—e.g., Internet, landline telephone, cellulartelephone, control-channel cellular communications such as that known asMicroBurst® and available from Aeris Communications, Inc. of San JoseCalif., and/or radio) channels initiate communications at the same time,with the first method to succeed issuing instructions upon success forthe other methods to terminate their attempts to communicate. Thisscheme has the advantage that the reporting of an alarm condition (orany other condition) need not wait until the primary channel failsbefore a secondary channel is tried.

[0068] On the other hand, the primary channel frequently works.Therefore, the dynamic signalling scheme just described could beconsidered inefficient in that it always initiates the back-upchannel(s) even when no back-up is necessary. Therefore, in a refinementof the dynamic signalling scheme, the primary channel is given a “headstart” before the secondary channel or channels are activated. Forexample, if the primary channel is the Internet, then a successfulreporting session normally will be over in a few seconds. Therefore, theother channels automatically are engaged after, e.g., five seconds,unless a completion signal is received from the primary channel. If theprimary channel is successful within five seconds, then there is no needto activate the other channels at all. If the primary channel is notsuccessful within five seconds, it may yet be successful, but the otherchannels will be activated, with the first channel to succeed after thattime terminating the other channels.

[0069] Various combinations of channels can be used. For example, thesystem could rely on control-channel cellular communications or theInternet as the primary channel, with landline dial-up as the backupchannel. Or the Internet could be the primary channel, withcontrol-channel cellular communications as the backup the channel. Anyother combination of the various communications media could be used.

[0070] Once the external data network is present, other uses beyondsecurity system reporting are possible. Thus, a properly equippedpremises system keypad could be used as a terminal for accessing theexternal data network. In one preferred embodiment, when a user disarmsthe security system at a system keypad—e.g., on returning home—incomingelectronic mail messages are displayed at the keypad. For this purpose,the system keypad preferably has an alphanumeric display, or anactive-matrix, LCD or other flat-panel display, to display theelectronic mail messages, although speech synthesis technology could beused to present the messages aurally using a speaker in the keypad.Preferably also, the keypad has a visual indicator to indicate thepresence of messages to be displayed. An aural indication—such as aparticular pattern of tones or a recorded or synthesized spokenannouncement—of the presence of messages could be provided at the timeof disarming the system, instead of, or in addition to, a visualindication.

[0071] If electronic mail is delivered by the system, then in oneembodiment there is a particular electronic mail address associated withthe system, and that mail would be displayed. In a more particularlypreferred embodiment, a separate electronic mail address for eachauthorized user of the system is associated with the system, and theappropriate user's electronic mail messages are displayed based on thepasscode, swipe card, coded transmitter or other token used to disarmthe system, as discussed above in connection with telephone voice-mailmessages. Thus, the announcement and/or display of electronic mailmessages via the keypad is personalized to the user who is within thevicinity of, or is accessing, the keypad. Such personalizationsignificantly enhances the usability and “user-friendliness” of thesystem.

[0072] In another embodiment of the invention, instead of, or inaddition to, electronic mail messages, the system displays World WideWeb pages or similar data from the external data network. The datadisplayed are preselected by the user or users. Thus, the same datacould be accessed regardless of who accesses the system, or the datacould be personalized for individual users. For example, in aresidential system, if an adult disarms the system, a stock marketreport might be displayed, while for a teenage child, an advertisementfrom a favorite retailer might be displayed. Similarly, on arming of thesystem, which ordinarily signifies that the user is leaving thepremises, a traffic or weather report, or any other data preselected bythe user, might be displayed. If a user has more than one passcode, or atransmitter with more than one button for arming or disarming thesystem, a different data selection could be associated with eachpasscode or button.

[0073] In another embodiment, the system is configured to allowretrieval of electronic mail messages from any one or more systemkeypads throughout the premises, separately from a disarm operation.This could be implemented in one embodiment by providing a specialelectronic mail retrieval key on the keypad, which would then prompt theuser for a passcode to identify which of the potential authorized usersis requesting retrieval of electronic mail, or in a second embodiment aspecial command sequence on a standard keypad could be used for the samefunction. In another embodiment, the various system keypads on thesystem could be configured in a local area network, allowing users atdifferent keypads to independently and simultaneously retrieveelectronic mail. In such an embodiment, the security system functionsoperate as in the non-networked embodiment.

[0074] In a further embodiment, the system keypad is provided with afull keyboard and is usable as a terminal to log onto the Internet orother external data network for any purpose, including composing andsending electronic mail, searching for information on the World WideWeb, etc. In a variation of this embodiment, the keypad is provided witha microphone for full sound operations, and optionally with stereospeakers instead of a single monaural speaker. In another variation, thekeypad is also provided with a display, such as a liquid crystal or gasplasma display or a small cathode-ray tube display, for displayinggraphics as well as text, and optionally with a video camera for fullvideo operations.

[0075] The premises unit could perform all of these functions on itsown, using its direct external data network (e.g., Internet) connection.However, for security reasons, it may be desirable to avoid generalcontact between the premises unit and other Internet users. Therefore,in a system where the premises unit communicates with a centralcommunications station as described above (whether or not the centralcommunications station is also the central monitoring station), thecentral communications station could maintain, by user subscription,records of user e-mail addresses and content preferences (i.e., whatnews, weather, advertising, etc., the user wishes to receive, and when),retrieve the data from the Internet (e.g., using appropriate “agents”)and send it to the premises unit based on received passcodes. If directinteractive Internet use is available on the system (which may depend,primarily, on how good the keyboard is on the user interface), thecentral communications station would act as a proxy for the premisessystem to access the Internet, maintaining the secure link to thepremises.

[0076] According to another feature of the invention, a user's passcodeunlocks other passwords that the user may have with other institutions,such as banks or other financial institutions. In one embodiment, thepasswords are stored in the premises controller. Based on the entry of auser's passcode to access the system, if the user then initiates asession with one of those institutions, the appropriate password istransmitted, when needed, to the institution without further action bythe user. Preferably, the user also could access the system using atransmitter or other coded token and the system would send thecorresponding passcode when authenticating the financial transaction.

[0077] In another embodiment, the user's security system passcode isregistered with the institutions as a secure identifier of the user.When the user accesses the premises system with his or her passcode orcoded token and then uses the external data network to log into thefinancial institution, the passcode is sent to the institution and isrecognized as a secure authorization. While this function would have tobe by agreement and prior arrangement with the financial institution, itis potentially more secure, or at least less risky, than sending apersonal identification number (“PIN”) over the external data network,even in encrypted form.

[0078] In a particularly preferred embodiment, the passwords are storedat the central communications station. If the user wants to perform,e.g., a banking transaction, the users accesses a software banking agentat the central communications station and specifies the transaction, butneed not enter his or her password for that bank. Instead, the softwareagent retrieves the password stored at the central communicationsstation and processes the transaction with the bank. This arrangementrequires users to trust their passwords to the central communicationsstation, but the users are already entrusting the central communicationsstation with their safety and valuable property, so it is likely theywould feel comfortable entrusting the central communications stationwith their passwords.

[0079] In addition to providing the external data network functions atsystem keypads, in another embodiment the system also has a port orports to which one or more external terminal devices can be connected touse the external data network connection. For example, one or morepersonal computers could be connected to the system for that purpose.

[0080] In another embodiment, the system could be accessed, withappropriate passwords and other security provisions, from an externalcomputer or terminal on the external data network. Thus, parameters ofthe security system could be programmed remotely using the external datanetwork rather than a dial-in connection as described above. Inaddition, certain security system data, such as the state of varioussensors, could be accessed over the external data network or sentperiodically to a predetermined address on the external data network.For example, if one of the sensors is a video camera, the video outputcould be sent periodically to a predetermined recipient. Similarly, thesystem could be connected to home automation devices—such as thosecompatible with the X-10® system developed by X-10 Limited, of Hamilton,Bermuda—that allow lights, temperature and other functions to beremotely controlled.

[0081] Access to the premises system from the external data networkpreferably also is through the central communications station. Forexample, the central communications station could maintain a World WideWeb site through which subscribers could contact their home systems fromelsewhere. Thus, a subscriber at his or her place of employment couldlog onto that web site and issue a command to turn on a certainappliance in the home. The systems at the central communicationsstation, after being satisfied that the user is authorized, would queueup those instructions until the next time the home system makes contact,at which time the instructions would be sent, and the appliance would beturned on.

[0082] The invention will now be described with reference to FIGS. 1-7.

[0083] A preferred embodiment of a premises security system 10 accordingto the present invention is shown in FIG. 1. A system controller 11,similar to a Model 6139T available from the Alarm Device ManufacturingCompany (“Ademco,” a division of Pittway Corporation), of Syosset, N.Y.,is modified to communicate over a bus 12, preferably a four-wire bus,with at least one communications interface 13. Communications interface13 can be a telephone answering/voice-mail/PBX type interface asdescribed above. Alternatively, communications interface 13 can be anexternal data network/Internet interface, also as described above, whichmay be a router or ADSL (asymmetric digital subscriber loop) interface,providing continual access to the Internet over external communicationsline 14 which may be a suitable persistent Internet connection.Communications interface 13 also could be a modem, preferably a 56 kbpsmodem, providing a dial-up connection over external communications line14, which could be a standard analog telephone line. Controller 11preferably has a back-up battery 113 serving at least both controller 11and communciations interface 13.

[0084] System 10 also includes conventional sensors 15, which mayinclude security or fire sensors or both, and one or more conventionalor enhanced system keypads 16 as discussed above and as described inmore detail below. Keypads 16 may be connected directly to controller 11in the conventional manner, as shown, in which case the communicationsfunctions are routed between keypads 11 and communications interface 13through controller 11. Alternatively, keypads 16 may be connected to bus12 for routing of both security system signals to and from controller 11and communications functions to and from communications interface 13. Inyet another alternative, keypads 16 can be connected both directly tocontroller 11 (for security functions) and to bus 12 (for communicationsfunctions). Controller 11 preferably is connected to a sounder 110(e.g., a bell or siren) for sounding alarm conditions, and preferably isconnected to a dialer unit 111 for communicating with a centralmonitoring station over, e.g., a standard telephone line.

[0085] One or more communications devices 17 could be connected tocommunications interface 13, either by a direct connection or throughbus 12 as shown (but ordinarily not through both connections).Communications devices 17 could be telephone sets if communicationsinterface 13 is a telephone system interface as described above, orcould be personal computers or computer terminals if communicationsinterface 13 is a data network interface as described above.

[0086] If communications interface 13 is a telephone system interface,telephone sets 17 preferably would be connected directly tocommunications interface 13, although additional telephone sets could beconnected directly to the central office telephone line (see FIG. 2).Communications devices 17 could also include a modem connected to apersonal computer, allowing the personal computer to be used to accessthe communications interface 13 in the manner described above, forprogramming features of communications interface 13, or for downloadingand storing incoming voice mail messages from communications interface13.

[0087] If communications interface 13 is a data network interface,personal computers or computer terminals 17 preferably are connected tocommunications interface 13 via bus 12, although a direct connection(e.g., a local area network Ethernet connection) can also be used.

[0088]FIG. 2 shows another preferred embodiment of a system 20 inaccordance with the invention. System 20 is similar to system 10, exceptthat a separate telephone interface unit 21 and a separate datainterface unit 22 are shown. It should be clear, however, that thesystem according to the invention could include only one or the other ofinterfaces 21, 22.

[0089] As shown, in system 20, sensors 15, keypads 16, sounder 110 anddialer 111 are connected to controller 11 as in system 10 of FIG. 1.Telephone interface unit 21, which preferably is connected to standardanalog telephone line 23, preferably is connected to controller 11 bybus 12. A first group of telephone sets 24 preferably is connected totelephone interface unit 21. The telephone answering/voice-mail/PBXfunctions described above preferably are available at keypads 16 eithervia bus 12, or through controller 11 to which keypads 16 may be directlyconnected. The telephone answering/voice-mail/PBX functions describedabove may also be available to those telephone sets 24 connected totelephone line 23 through telephone interface unit 21. Another group ofone or more telephone sets 25 may be connected directly to telephoneline 23. In one embodiment of the invention, the telephoneanswering/voice-mail/PBX functions described above would not beavailable at telephone sets 25. However, in an alternative embodiment ofthe invention, telephone interface unit 21 could monitor telephone line23 for DTMF tones signifying certain command signals, and provide thecorresponding functions even to telephone sets 25. However, telephoneinterface unit 25 would be unable to disconnect any one of telephonesets 25 from telephone line 23, and therefore could not perform anyfunction that required such a disconnect, such as the public addressfunction over keypad speakers. A limited number of functions, where thedialing of the commands would not cause a telephone call to be placed,might be available.

[0090] Data interface unit 22, which preferably is connected to dataline 26, preferably is connected to controller 11 by bus 12. optionally,one or more personal computers or computer terminals 27 preferably isconnected to data interface unit 22—e.g., by a local area network (shownas a direct link to data interface unit 22)—for the purpose of sharingdata line 26. The data functions described above preferably areavailable at keypads 16 either via bus 12, or through controller 11 towhich keypads 16 may be directly connected. The data functions describedabove may also be available to those personal computers or computerterminals 27 connected to data interface unit 22. Alternatively,personal computers or computer terminals 27 could simply share data line26 by an alternate connection shown in broken line, without beingconnected to data interface unit 22.

[0091] One or more of personal computers or computer terminals 27 canalso be connected to telephone interface unit 21 via one or more modems240 in the manner described above, for programming features of telephoneinterface unit 21, or for downloading and storing incoming voice mailmessages from telephone interface unit 21.

[0092] Data interface unit 22 preferably also has access to data fromone or more of sensors 15, such as a security camera, for transmissionof the sensor data over the Internet or other external data network forviewing by an authorized person, and to home automation devices 215 forremote actuation as described above.

[0093] Controller 11 of system 20 preferably also includes aradio-frequency or other (e.g., infrared) receiver 112 which receivescoded signals from one or more transmitters 28. A simple transmittermight have one button 29, to send a code identifying a particularauthorized user for, e.g., arming or disarming the system. A morecomplicated transmitter 28 might have two (or more) buttons 29 forallowing a single user to send one of two (or more) different signalsfor performing different functions (as described above).

[0094]FIG. 3 shows one embodiment of a conventional security systemkeypad 30 which could be used with the invention, particularly if onlytelephone interface functions are to be provided at the keypad. Keypad30 preferably includes a standard telephone-type numeric keypad,including the digits 0-9 and, preferably, the symbols “*” and “#”. Thesecould be used to issue standard security system commands, such asentering passcodes, or telephone interface commands. Function buttons 32preferably are also provided for entry of system commands. Visualindicators 33, which preferably are light-emitting diodes, but whichalso may be light bulbs or other indicators, are provided to performstandard security system indications—e.g., a warning that a zone isbypassed, an indication that the system has been in alarm, an AC powerfailure, etc.—as well as telephone interface indications such as amessage waiting indication. Alphanumeric display 34, which may be astandard two-line, sixteen character per line, display, also providessecurity system indications, and telephone interface indications suchas, e.g., calling party identification data.

[0095] Keypad 30 preferably also has a speaker 35, as is conventionalfor providing, e.g., a pre-alarm aural indication, which may also beused to provide aural telephone interface indications such as an auralmessage waiting indication, and more particularly may be used for theplayback of messages. Speaker 35 could also be used to allow a user tomake telephone calls (using keys 31) to announcement-only orvoice-response telephone numbers where two-way communication is notnecessary. In an alternative embodiment, keypad 30 includes amicrophone, allowing the recording of outgoing voice-mail greetings. Ifthe system is configured, as just discussed, to allow telephone calls tobe placed from keypad 30, microphone 36 could be used to make suchcalls.

[0096]FIG. 4 shows an embodiment of a preferred embodiment of anenhanced keypad 40 designed to work with data interface unit 22 toperform data functions. Thus, keypad 40 preferably has, instead ofnumeric keypad 13, a full alphanumeric keypad 41, along with functionbuttons 32 and visual indicators 33. Keypad 40 preferably also has afull graphic display 44 in place of alphanumeric display 34. Display 44could be a liquid crystal display (“LCD”), gas plasma display orcathode-ray tube (“CRT”), which could be a color or monochromaticdisplay. Display 44 could further provide touch screen capability, inwhich case alphanumeric keypad 41 could be a “soft” keypad that can becalled up on display 44 when desired. Preferably, keypad 40 also has twospeakers 45, for stereo audio functions, if necessary, although in analternative preferred embodiment only one speaker 45 may be provided.Keypad 40 preferably also has a microphone 46, and optionally has avideo camera 47 for full-duplex video functions, if necessary.

[0097] A schematic block diagram of circuitry 50 of a keypad similar tokeypad 40, but incorporating some of the functions of data interfaceunit 22, is shown in FIG. 5. If multiple such keypads are provided, theadditional “slave” keypads may omit the data interface circuitry, or mayinclude it even though it may be redundant. Circuitry 50 preferably isbuilt around a central processing unit (“CPU”) 51 such as an 80386 orequivalent microprocessor, available from Intel Corporation, of SantaClara, Calif. Preferably connected to CPU 51 is random-access memory(“RAM”) 52 as well as non-volatile memory 53 (e.g., NVRAM). If thesystem uses shared private key encryption as discussed above, theprivate key preferably is stored in non-volatile memory 53. An audiointerface 54 preferably also is provided, interfacing with external datanetwork 26 for audio input/output functions, as well as interfacing withaudio signals from telephone interface unit 21, if present in thesystem.

[0098] Expansion bus 55 preferably connects CPU 51 to keypad 41 andindicators 33. Expansion bus 55 also preferably connects to a networkinterface 56 which allows several keypads 50 to be attached to system 20for operation of the security functions of controller 11, forindependent access to external data network 26, and for connection toother keypads 50 in a local area network on the premises served bysystem 20. A graphics controller 57, preferably having its ownassociated graphics RAM 570, preferably is also connected to bus 55allowing CPU 51 to drive graphical LCD display 44. A touch screeninterface 58 connected to CPU 51 preferably is integrated (not shown)with display 44.

[0099] A real-time clock 59 preferably is provided for CPU 51, and theentire circuitry 50 preferably is powered by a 12-volt DC power supply500 as indicated by dashed lines 501.

[0100] Finally, interface 502 connects to controller 11, preferably viabus 12, while connection to external data network 26 preferably isprovided by serial interface 503 which is, or connects to, a router,ADSL interface, modem or other data connection device.

[0101] A preferred embodiment 400 of a simplified keypad for use withthe invention is shown in FIG. 6. Keypad 400 preferably includes asubset of the features of keypad 40. Thus, it preferably includes a fullgraphic display 44 with touch screen capability, avoiding a fullalphanumeric keypad 41, but allowing for a “soft” keypad that can becalled up on display 44 when desired. Preferably, keypad 400 also hasone speaker 45 and a microphone 46.

[0102] A schematic block diagram of circuitry 60 of a preferredembodiment of a telephone interface unit 21 according to the inventionis shown in FIG. 7. A central processing unit (CPU) 61 preferablycontrols the various telephone interface and voice-mail/telephoneanswering functions described above, as is conventional. Digital signalprocessor (DSP) 62, connected to CPU 61, handles the voice processingfunctions required for the voice-mail/telephone answering functions. Asdiscussed above, DSP 62 preferably allows full-duplex operation, so thatif an incoming call is not picked up on one of the premises telephones,and system 60 answers the call, the caller (if sufficiently aware ofsystem functions) preferably can announce him- or herself over thesystem speakers even while the outgoing message is playing (in case theresidents are home and may want to answer the call). DSP 62 preferablyalso includes a built-in DTMF decoder that interpretsdual-tone/multifrequency (i.e., “Touch-Tone”) keystrokes made atpremises or remote telephone sets to allow entry of system commands fromsuch telephone sets.

[0103] CPU 61 and DSP 62 are connected to random access memory 63, allpreferably provided as a single chipset 64 along with two CODECs 65, 66.One suitable chipset is the PCD600X family of chipsets available fromPhilips Electronics, N.V., of Eindhoven, Netherlands. These chipsetsinclude an 8051 CPU core, 756 bytes of on-board RAM, a 16-bit fixedpoint DSP (with ROM code masked), two analog CODECs and general purpose8-bit digital-to-analog and analog-to-digital converters. Model PCD6002includes 32 kilobytes of OTP ROM, while model PCD6001 is ROMless but canbe used, e.g., with 64 kilobytes of external EPROM memory 67. Inaddition, flash memory 68 can be provided, where voice messages andother voice and configuration data may be stored.

[0104] Chipset 64 is connected to a microcontroller 69, such as aP87CL883 microcontroller, also available from Philips Electronics, whichin turn is connected to a security system interface 600, preferablyallowing control of security system controller 11 from connectedtelephone sets as discussed above, and preferably allowing access tovoice-mail functions at system keypads. Microcontroller 69 arbitratestraffic between security system 11 and CPU 61/DSP 62, to determine,e.g., whether a signal or command from a keypad or telephone set isintended as a security system command or a PBX/voice mail/answeringmachine command, or conversely whether a signal or command from securitysystem 11 or CPU 61/DSP 62 is intended as a telephone-related command ora security system command. This allows commands to be routed properly,and also allows devices to be taken on-line or off-line as appropriate(e.g., to disconnect telephone sets from the central office phone linewhen a telephone set is being used to broadcast a message over thekeypad speakers).

[0105] A modem 601, as may be conventional, may be connected totelephone line interface 602 for purposes described above. In addition,modem 601 could serve as a back-up security communications device,allowing controller 11 to communicate with a central monitoring stationif normal channels are unavailable.

[0106] Telephone line interface 602 is also connected via CODEC 65 toCPU 61 and DSP 62 to allow CPU 61 and DSP 62 to perform the PBX/voicemail/telephone answering functions described above. CODEC 66 connectsDSP 62 to security system audio bus 603 (also connected to securitysystem interface 600), allowing circuitry 60 to communicate withsecurity system keypad speakers. In addition, telephone line interface602 connects the central office telephone line and the premisestelephone sets to the system and to each other. Those connectionspreferably are made through suitable relays (not shown) so that in theevent of a power failure, the central office telephone line would beconnected directly to the premises telephone sets, maintaining telephoneservice on the premises.

[0107] The entire circuitry 60 preferably is powered by a nominal12-volt DC power supply from security system controller 11, as indicatedby dashed lines 604.

[0108] A communications system 700 as described above, incorporating thepresent invention, is shown in FIG. 8. Communications system 700includes a central communications station 701, at least one centralmonitoring station 702 (a central monitoring company that subscribes tothe central communications system could have more than one monitoringstation, or more than one monitoring company could subscribe), and aplurality of premises systems 703, all connected to the Internet 704.

[0109] Each premises system 703 preferably includes a system 10 as shownin FIG. 1, preferably including an interface unit 50 as shown in FIG. 5storing a private key. System 10 within system 703 has an Internetaccess unit 705, with access controlled by firewall 706.

[0110] Each central monitoring station 702 similarly has a processor 707storing a private key, an Internet access unit 705 and a firewall 706.Processor 707 includes data storage (not shown) storing one or moredatabases identifying premises to be monitored and the level of servicefor each of those premises, a database of actions to be taken in case ofvarious alarm conditions or other unusual conditions, etc.

[0111] Central communications station 701, in addition to having anInternet access unit 705 and a firewall 706, has remote applicationservers 708 (these may be located elsewhere at the premises of theproviders of the services on servers 708). Central communicationsstation 701 also includes secure redirectors 711 which have access toprivate key storage 709 to store the private keys of all of the systemswith which it communicates. Redirectors 711 perform the encryption anddecryption using those keys to communicate with those systems.

[0112] Central communications station 701 communicates with the Internet704 through firewall 706 and Internet access unit 705, connecting theInternet to insecure bus 713. Communications on insecure bus 713 thatare destined for remote servers 708 pass through redirectors 711 tosecure bus 714, with security based on the private keys stored at 709.

[0113] Another web server 712 maintains the web site described abovethat allow users from any Internet access location 710 to issueinstructions to premises systems 10. Because the point of web server 712is to allow a user at any Internet access point 710 to access his or hersecure system 703, and access point 710 likely is not registered to useredirectors 711, web server 712 preferably is protected, as shown, byconventional security such as SSL (secure socket layer) encryption,smart cards, etc.

[0114] Among remote servers 708 are relay servers to relaycommunications between the various systems 702, 703, as well as fromserver 712 to units 50 of premises systems 10 in units 702, as describedabove, after secure channels are opened by secure redirector units 711.

[0115] Central communications station 701 may be separate from centralmonitoring station 702 as shown, or stations 701 and 702 could becombined or co-located. Similarly, regardless of their relativelocations, they could be operated by the same or different parties.

[0116] The communications system as described could be used to offer orimplement a number of security features.

[0117] One function of central alarm monitoring systems is to“supervise” high-security premises systems such as a bank alarm system.Traditionally, a poll-and-response system was used in which the centralstation contacted each supervised system individually on a periodicbasis to make sure it received a response, and to check the system'sstatus. If it did not, or if its status was not normal, appropriateaction was taken. In later systems, the supervised system simply calledin periodically on its own, without the need for polling. Again,appropriate action was taken if the supervised system did not check inon time, or its status was not normal. In accordance with the currentinvention, because the premises system has to check in periodically, itcan be programmed to report its status at the same time. The system'sfailure to check in, or to report a normal status, is acted uponappropriately.

[0118] Similarly, two premises systems 10 can be made to operate as asingle system by communicating through central communications station701. For example, if a company has multiple locations, passcodes forindividual employees can be entered only in the system at their “home”location, but the systems at other locations would recognize thosepasscodes because the systems could communicate through centralcommunications station 701. Although such systems can be implemented byrunning wires between adjacent buildings, the present invention allowssuch systems to be implemented between far-flung locations withoutrunning wires or leasing expensive dedicated lines.

[0119] Another function that could be implemented using the presentinvention is the download of configuration data to system 10.Configuration data for user interface 16 or 50, including web sitepreferences for various users, etc., as well a security configurationdata for controllers 11, could be stored at a remote server 708 anddownloaded when its particular system checks in to see if any othersystem wants to contact it. In the case of downloading of theconfiguration of security controller 11, this eliminates the need forcentral alarm station operators to maintain separate dialer banks fordownloading as they do now.

[0120] In accordance with another function of the present invention, ifone of home automation devices 215 is a video camera, the system allowsa user at any terminal 710 on the Internet to securely access that videofeed. The user logs onto web server 712 and requests the video feed. Thenext time the system 703 of which the desired video camera is a partchecks in, redirector 711 established a link to server 712, which relaysthe video feed to the user. In an alternative to this embodiment, whichconsumes a lot of bandwidth because of the nature of video, the systemcan avoid relaying the video, and thereby conserve bandwidth, byenabling secure direct communications between terminal 710 and system703. This can be done by, after authenticating both parties, sending toeach party a session key (generated, e.g., by secure session keygenerator 715) and the IP address of the other party, and allowing theparties to communicate directly. Each party knows that it received thesession key and the other party's address securely, and therefore whenthey establish communications with each other, they are confident thatthe communication is authorized. In fact, such an arrangement can beused even for low-bandwidth communications if desired.

[0121] Although each of the components of communications system 700 asshown includes a firewall 706, firewall 706 could be omitted from one ormore components. As discussed above, the system has advantages evenwithout firewalls.

[0122] In another embodiment system 10 need not include any securityfeatures at all. Instead, system 10 could include only communicationsfeatures, and communications system 700 could be a system for securecommunications for any Internet users who desire it. Subscribers tocommunications system 700 could remain secure behind their firewalls,with sessions initiated only by their own systems 10 through secureredirectors 711. If one subscriber were to communicate with anothersubscriber, each would communicate only when their own respective systeminitiated the session with redirectors 711. A communication, from thefirst subscriber to initiate a session, that is destined for anothersubscriber, would be held by redirectors 711 until the secondsubscriber, for whom the communication is intended, until the secondsubscriber's unit initiated its own session. At each subscriberlocation, one or more personal computers could be attached to system 10if desired.

[0123] Preferably, in an embodiment including security features, eachsystem 10 includes at least one secondary communications channel,illustrated in FIG. 7 as dialer 712, which preferably is connected totelephone interface 713 of monitoring station 702 by public switchedtelephone line 714. Of course, the secondary channel may instead, oralso, include one or more alternate channels such as a cellulartelephone, control-channel cellular, or a radio link (not shown). Asdiscussed above, the system could try both (or all) channels, with thefirst channel to succeed issuing a signal or command through system 10to terminate the other channel(s). However, also as discussed above,preferably the primary channel is started ahead of (e.g., five secondsahead of) the secondary channel(s). The secondary channels are initiatedonly if the primary channel is not successful within the “head start”period. After that, all of the channels attempt to communicate withmonitoring station 702 and the first to succeed, which may still be theprimary channel (e.g., if the Internet is the primary channel, there mayhave been a delay caused by heavy traffic), will upon success terminatethe other channels by issuing a signal or command through system 10.

[0124] The primary channel, which is given the head start, is preferablythe fastest channel, because if it works, it normally will work fastenough to avoid having to activate the other channels. In a system wherethe Internet is available as a channel, it would be the fastest channel.Control-channel cellular would be the next fastest and would be giventhe head start in a system without Internet access. Radio would be thenext fastest and would be given the head start in a system withoutInternet access or control-channel cellular. Cellular and landlinetelephones have comparable speeds; if they are the only availablechannels, the landline telephone is normally tried first and given thehead start.

[0125] A user of the system according to the invention preferably canaccess telephone and data functions at one central location on enteringthe premises. Thus it is seen that a security system is provided thatminimizes the number of electronic devices to which an individual mustattend on returning home, by combining the functions of several of thosedevices. The system can also be used at any time that the user is athome. Secure communications between the premises system and othersystems is also provided. One skilled in the art will appreciate thatthe present invention can be practiced by other than the describedembodiments, which are presented for purposes of illustration and not oflimitation, and the present invention is limited only by the claims thatfollow.

What is claimed is:
 1. An integrated security and communications systemcomprising: a security controller having at least one sensory input, atleast one alarm output and at least one control signal input/outputport; a control interface operatively connected to said at least onecontrol signal input/output port; a communications unit connected to acommunication channel for providing at least one communication function,and a first communication port for connection to one of said at leastone control signal input/output port of said security controller forproviding at least one of said at least one communication function to auser at said control interface.
 2. The system of claim 1 wherein: saidcommunication channel comprises a telephone line; and said at least onecommunication function comprises voice mail.
 3. A security system formonitoring user premises, said system comprising: at least one sensor;at least one alarm output device; at least one user control interface; asystem controller connected to said sensor, said output device and saiduser control interface, said at least one user control interface beingused by a user to enter commands affecting a state of said system, saidsystem, when said state indicates that said system is active, monitoringsaid at least one sensor and outputting an alarm on said alarm outputdevice when said at least one sensor indicates that an alarm conditionexists; and a telephone interface unit connected to said controller anda telephone line for providing voice mail functionality, said voice mailfunctionality being accessible at at least one of said at least one usercontrol interface.
 4. The security system of claim 3 wherein: said voicemail functionality includes one or more of message retrieval, messagewaiting indication, and message header indication; and access to saidvoice mail functionality is restricted based on said state of saidsystem.
 5. The security system of claim 4 wherein said voice mailfunctionality is accessible when said state is consistent with presenceof an authorized user on said premises.
 6. The security system of claim5 having a plurality of authorized users, wherein: a particularauthorized user initiates said state consistent with presence of anauthorized user by presenting at said user control interface an indiciumunique to said particular authorized user; and said telephone interfaceunit presents for access at said user control interface only voice mailfunctions addressed to said authorized user.
 7. The security system ofclaim 6 wherein: said user control interface comprises a keypad; saidindicium comprises a passcode; and said presentation of said indiciumcomprises entry of said passcode at said keypad.
 8. The security systemof claim 4 wherein said voice mail functionality is activatedautomatically upon entry of said system into said state consistent withpresence of an authorized user on said premises.
 9. The security systemof claim 3 further comprising at least one telephone set connected tosaid telephone line; wherein: said telephone interface unit furtherprovides a call screening function at at least one of (a) said at leastone telephone set, and (b) said at least one user control interface. 10.The security system of claim 9 wherein said call screening functioncomprises an ability to answer a call being screened.
 11. The securitysystem of claim 9 wherein: said user control interface includes aspeaker; said voice mail functionality comprises playback of an outgoingmessage to an incoming caller; and said call screening function isfull-duplex, allowing said incoming caller to speak an announcement thatis audible at said speaker during said playback of said outgoingmessage.
 12. The security system of claim 3 further comprising at leastone telephone set connected to said telephone line, said least onetelephone set having a ringer; wherein: said telephone interface unitfurther provides a privacy function whereby said ringer can bedeactivated under control of a user.
 13. The security system of claim 3wherein said telephone interface unit further comprises a calling partyidentification unit for displaying calling party identification data,said calling party identification data being displayed at said usercontrol interface.
 14. The security system of claim 13 wherein: saiduser control interface includes a speaker; and said telephone interfaceunit further comprises a voice synthesis unit for announcing saidcalling party identification data at said speaker.
 15. The securitysystem of claim 13 wherein: said user control interface includes aspeaker; said telephone interface unit comprises memory for storing atleast one telephone number and identifying data associated with saidtelephone number; and when said calling party identification dataidentifies said stored telephone number, said identifying data areannounced at said speaker.
 16. The security system of claim 15 whereinsaid identifying data comprise stored spoken data.
 17. The securitysystem of claim 15 wherein said telephone interface unit comprises avoice synthesis unit for announcing said identifying data.
 18. Thesecurity system of claim 3 wherein said voice mail functionality isaccessible only to an authorized user on presentation of an indiciumindicating authorization to access said voice mail functionality. 19.The security system of claim 18 wherein said indicium indicatingauthorization to access said voice mail functionality also is anindicium authorizing access to said security system.
 20. The securitysystem of claim 18 wherein said indicium indicating authorization toaccess said voice mail functionality is different from an indiciumauthorizing access to said security system.
 21. The security system ofclaim 18 wherein: said user control interface comprises a keypad; saidindicium comprises a passcode; and said presentation of said indiciumcomprises entry of said passcode at said keypad.
 22. The security systemof claim 3 wherein: said voice mail functionality comprises a pluralityof voice mailboxes; said telephone interface unit comprises a callingparty identification unit generating calling party identification data;and incoming calls are directed automatically to one of said pluralityof voice mailboxes based on said calling party identification data. 23.The security system of claim 3 wherein: said voice mail functionalitycomprises a plurality of outgoing greeting messages for playback toincoming callers; said telephone interface unit comprises a callingparty identification unit generating calling party identification data;and said telephone interface unit selects one outgoing greeting messageof said plurality of outgoing greeting messages is for playback based onsaid calling party identification data.
 24. The security system of claim3 further comprising at least one telephone set connected to saidtelephone line through said telephone interface unit; wherein: saidtelephone interface unit further comprises an auto-redial function;whereby, when a user dials a number using said connected telephone setand said dialed number is busy: said telephone interface unitautomatically redials said dialed number at predetermined intervals forup to a predetermined duration; when said telephone interface unitdetects a ringing signal as a result of redialing said dialed number,said telephone interface unit generates an indicium for annunciation atsaid user control interface to signal said user to engage said connectedtelephone set.
 25. An integrated security and communications methodcomprising: providing a security controller having at least one sensoryinput, at least one alarm output and at least one control signalinput/output port; providing a control interface operatively connectedto said at least one control signal input/output port; providing acommunications unit connected to a communication channel for providingat least one communication function; and providing at least one of saidat least one communication function to a user at said control interfaceby providing a first communication port for connection to one of said atleast one control signal input/output port of said security controller.26. The method of claim 25 wherein: said communication channel comprisesa telephone line; and said at least one communication function comprisesvoice mail.
 27. A method for monitoring user premises, said methodcomprising: providing at least one sensor; providing at least one alarmoutput device; providing at least one user control interface; providinga system controller connected to said sensor, said output device andsaid user control interface; providing a telephone interface unitconnected to said controller and a telephone line for providing voicemail functionality; accepting at said at least one user controlinterface commands entered by a user to affect a state of said systemcontroller; when said state indicates that said system controller isactive, monitoring said at least one sensor and outputting an alarm onsaid alarm output device when said at least one sensor indicates that analarm condition exists; and accessing said voice mail functionality atleast one of said at least one user control interface.
 28. The method ofclaim 27 wherein: said voice mail functionality includes one or more ofmessage retrieval, message waiting indication, and message headerindication; said method further comprising: restricting access to saidvoice mail functionality based on said state of said system controller.29. The method of claim 28 wherein said voice mail functionality isaccessible when said state is consistent with presence of an authorizeduser on said premises.
 30. The method of claim 29 , wherein: there are aplurality of authorized users; and a particular authorized userinitiates said state consistent with presence of an authorized user bypresenting at said user control interface an indicium unique to saidparticular authorized user; said method further comprising: presentingfor access at said user control interface only voice mail functionsaddressed to said authorized user.
 31. The method of claim 30 furthercomprising: providing a keypad at said user control interface; wherein:said indicium comprises a passcode; and said presentation of saidindicium comprises entry of said passcode at said keypad.
 32. The methodof claim 28 further comprising activating said voice mail functionalityautomatically upon entry of said system into said state consistent withpresence of an authorized user on said premises.
 33. The method of claim27 wherein: at least one telephone set is connected to said telephoneline; said method further comprising: providing a call screeningfunction at at least one of (a) said at least one telephone set, and (b)said at least one user control interface.
 34. The method of claim 33wherein said call screening function comprises an ability to answer acall being screened.
 35. The method of claim 33 wherein: said usercontrol interface includes a speaker; said voice mail functionalitycomprises playback of an outgoing message to an incoming caller; andsaid call screening function is full-duplex, allowing said incomingcaller to speak an announcement that is audible at said speaker duringsaid playback of said outgoing message.
 36. The method of claim 27wherein: at least one telephone set is connected to said telephone line,said least one telephone set having a ringer; said method furthercomprising: providing a privacy function whereby said ringer can bedeactivated under control of a user.
 37. The method of claim 27 wherein:said telephone interface unit further comprises a calling partyidentification unit for displaying calling party identification data;said method further comprising: displaying said calling partyidentification data at said user control interface.
 38. The method ofclaim 37 wherein: said user control interface includes a speaker; andsaid telephone interface unit further comprises a voice synthesis unit;said method further comprising: synthesizing said calling partyidentification data and announcing said calling party identificationdata at said speaker.
 39. The method of claim 37 wherein: said usercontrol interface includes a speaker; said method further comprising:storing at least one telephone number and identifying data associatedwith said telephone number at said telephone interface unit; and whensaid calling party identification data identifies said stored telephonenumber, announcing said identifying data at said speaker.
 40. The methodof claim 39 wherein said identifying data comprise stored spoken data.41. The method of claim 39 wherein: said telephone interface unitcomprises a voice synthesis unit; said method further comprising:synthesizing and announcing said identifying data.
 42. The method ofclaim 27 wherein said voice mail functionality is accessible only to anauthorized user on presentation of an indicium indicating authorizationto access said voice mail functionality.
 43. The method of claim 42wherein said indicium indicating authorization to access said voice mailfunctionality also is an indicium authorizing access to said securitysystem.
 44. The method of claim 42 wherein said indicium indicatingauthorization to access said voice mail functionality is different froman indicium authorizing access to said security system.
 45. The methodof claim 42 further comprising: providing a keypad at said user controlinterface; wherein: said indicium comprises a passcode; and saidpresentation of said indicium comprises entry of said passcode at saidkeypad.
 46. The method of claim 27 wherein: said voice mailfunctionality comprises a plurality of voice mailboxes; and saidtelephone interface unit comprises a calling party identification unitgenerating calling party identification data; said method furthercomprising directing incoming calls automatically to one of saidplurality of voice mailboxes based on said calling party identificationdata.
 47. The method of claim 27 wherein: said voice mail functionalitycomprises a plurality of outgoing greeting messages for playback toincoming callers; and said telephone interface unit comprises a callingparty identification unit generating calling party identification data;said method further comprising: selecting one outgoing greeting messageof said plurality of outgoing greeting messages for playback based onsaid calling party identification data.
 48. The method of claim 27wherein: at least one telephone set is connected to said telephone linethrough said telephone interface unit and said telephone interface unitfurther comprises an auto-redial function; said method furthercomprising: when a user dials a number using said connected telephoneset and said dialed number is busy, automatically redialing said dialednumber at predetermined intervals for up to a predetermined duration;and when said telephone interface unit detects a ringing signal as aresult of redialing said dialed number, generating an indicium forannunciation at said user control interface to signal said user toengage said connected telephone set.
 49. An integrated security andcommunications system comprising: security controller means having atleast one means for accepting sensory input, at least one means foroutputting an alarm and at least one control signal input/output port;control interface means operatively connected to said at least onecontrol signal input/output port; means connected to a communicationchannel for providing at least one communication function, and a firstcommunication port for connection to one of said at least one controlsignal input/output port of said security controller means for providingat least one of said at least one communication function to a user atsaid control interface means.
 50. The system of claim 49 wherein: saidcommunication channel comprises a telephone line; and said at least onecommunication function comprises voice mail.
 51. A security system formonitoring user premises, said system comprising: at least one means forsensing; at least one means for outputting an alarm; at least one usercontrol interface means; system controller means connected to said meansfor sensing, said means for outputting an alarm and said user controlinterface means, said at least one user control interface means beingused by a user to enter commands affecting a state of said system, saidsystem, when said state indicates that said system is active, monitoringsaid at least one means for sensing and outputting an alarm on saidmeans for outputting an alarm when said at least one means for sensingindicates that an alarm condition exists; and a telephone interfacemeans connected to said controller means and a telephone line forproviding voice mail functionality, said voice mail functionality beingaccessible at at least one of said at least one user control interfacemeans.
 52. The security system of claim 51 wherein: said voice mailfunctionality includes one or more of message retrieval, message waitingindication, and message header indication; and access to said voice mailfunctionality is restricted based on said state of said system.
 53. Thesecurity system of claim 53 wherein said voice mail functionality isaccessible when said state is consistent with presence of an authorizeduser on said premises.
 54. The security system of claim 54 having aplurality-of authorized users, wherein: a particular authorized userinitiates said state consistent with presence of an authorized user bypresenting at said user control interface means an indicium unique tosaid particular authorized user; and said telephone interface meanspresents for access at said user control interface means only voice mailfunctions addressed to said authorized user.
 55. The security system ofclaim 55 wherein: said user control interface means comprises keypadmeans; said indicium comprises a passcode; and said presentation of saidindicium comprises entry of said passcode at said keypad means.
 56. Thesecurity system of claim 53 wherein said voice mail functionality isactivated automatically upon entry of said system into said stateconsistent with presence of an authorized user on said premises.
 57. Thesecurity system of claim 51 further comprising at least one telephoneset connected to said telephone line; wherein: said telephone interfacemeans further provides a call screening function at at least one of (a)said at least one telephone set, and (b) said at least one user controlinterface means.
 58. The security system of claim 58 wherein said callscreening function comprises an ability to answer a call being screened.59. The security system of claim 58 wherein: said user control interfacemeans includes speaker means; said voice mail functionality comprisesplayback of an outgoing message to an incoming caller; and said callscreening function is full-duplex, allowing said incoming caller tospeak an announcement that is audible at said speaker means during saidplayback of said outgoing message.
 60. The security system of claim 51further comprising at least one telephone set connected to saidtelephone line, said least one telephone set having means for ringing;wherein: said telephone interface means further provides a privacyfunction whereby said means for ringing can be deactivated under controlof a user.
 61. The security system of claim 51 wherein said telephoneinterface means further comprises a means for displaying calling partyidentification data, said calling party identification data beingdisplayed at said user control interface means.
 62. The security systemof claim 62 wherein: said user control interface means includes speakermeans; and said telephone interface means further comprises means forsynthesizing voice for announcing said calling party identification dataat said speaker means.
 63. The security system of claim 62 wherein: saiduser control interface means includes speaker means; said telephoneinterface means comprises means for storing at least one telephonenumber and identifying data associated with said telephone number; andwhen said calling party identification data identifies said storedtelephone number, said identifying data are announced at said speakermeans.
 64. The security system of claim 64 wherein said identifying datacomprise stored spoken data.
 65. The security system of claim 64 whereinsaid telephone interface means comprises means for synthesizing voicefor announcing said identifying data.
 66. The security system of claim51 wherein said voice mail functionality is accessible only to anauthorized user on presentation of an indicium indicating authorizationto access said voice mail functionality.
 67. The security system ofclaim 67 wherein said indicium indicating authorization to access saidvoice mail functionality also is an indicium authorizing access to saidsecurity system.
 68. The security system of claim 67 wherein saidindicium indicating authorization to access said voice mailfunctionality is different from an indicium authorizing access to saidsecurity system.
 69. The security system of claim 67 wherein: said usercontrol interface means comprises keypad means; said indicium comprisesa passcode; and said presentation of said indicium comprises entry ofsaid passcode at said keypad means.
 70. The security system of claim 51wherein: said voice mail functionality comprises a plurality of voicemailboxes; said telephone interface means comprises calling partyidentification means generating calling part y identification data; andincoming calls are directed automatically to one of said plurality ofvoice mailboxes based on said calling party identification data.
 71. Thesecurity system of claim 51 wherein: said voice mail functionalitycomprises a plurality of outgoing greeting messages for playback toincoming callers; said telephone interface means comprises means forgenerating calling party identification data; and said telephoneinterface means selects one outgoing greeting message of said pluralityof outgoing greeting messages is for playback based on said callingparty identification data.
 72. The security system of claim 51 furthercomprising at least one telephone set connected to said telephone linethrough said telephone interface means; wherein: said telephoneinterface means further comprises an auto-redial function; whereby, whena user dials a number using said connected telephone set and said dialednumber is busy: said telephone interface means automatically redialssaid dialed number at predetermined intervals for up to a predeterminedduration; when said telephone interface means detects a ringing signalas a result of redialing said dialed number, said telephone interfacemeans generates an indicium for annunciation at said user controlinterface means to signal said user to engage said connected telephoneset.